ZipRecruiter

Log In

1

Security Operation Analyst Jobs (NOW HIRING)

3B Staffing LLC

Operation Analyst

Manhattan, NY · On-site

Title: Operation Analyst Location : New York, NY Duration: Fulltime Provides broad range of ... security, integration, performance, quality, and operations • Identify and address application ...

K&L Gates

Senior Manager, Security Operation

Austin, TX · On-site

$148K - $296K/yr

... analysis using defense tools like firewalls, intrusion detection/prevention systems, and host-based ... security operations. • Demonstrate the ability to build and sustain productive working ...

Astranis

Security Operations Analyst

San Francisco, CA · On-site

Security Operations Analyst Astranis is looking for a Security Operations Analyst who isn't afraid to dive headfirst into the digital abyss. Our ideal candidate is enthusiastic about security and has ...

Alignerr

Security Operations Analyst

Phoenix, AZ · Remote

$30 - $60/hr

Security Operations Analyst $30-60/hr Remote Freelance CODING About the Role We're partnering with leading AI research labs to build the next generation of intelligent security systems. As a Security ...

Thomson Reuters

Security Operations Analyst

Eagan, MN · On-site

About the Role In this opportunity as a Security Operations Analyst, you will: * Perform continuous security monitoring and incident response for a global enterprise environment * Respond to, analyze ...

THOMSON REUTERS

Security Operations Analyst

Eagan, MN · Hybrid

About the Role In this opportunity as a Security Operations Analyst, you will: * Perform continuous security monitoring and incident response for a global enterprise environment * Respond to, analyze ...

next page

Showing results 1-20

People also search for

All JobsSecurity Operation Analyst Jobs

Security Operation Analyst information

See salary details

$17

$44

$60

How much do security operation analyst jobs pay per hour?

As of Jun 5, 2026, the average hourly pay for security operation analyst in the United States is $44.14, according to ZipRecruiter salary data. Most workers in this role earn between $34.62 and $54.57 per hour, depending on experience, location, and employer.

What is the difference between Security Operation Analyst vs Security Engineer?

AspectSecurity Operation AnalystSecurity Engineer
CertificationsCompTIA Security+, CISSP, CEHCISSP, GIAC Security Certifications, CEH
Work EnvironmentMonitoring security alerts, incident response, threat analysisDesigning security systems, implementing security solutions, infrastructure setup
Employer & Industry UsageIT security teams in various industries, focusing on threat detectionSecurity architecture teams, focusing on system and network security design

The Security Operation Analyst primarily monitors and responds to security incidents, focusing on threat detection and incident management. In contrast, the Security Engineer designs and implements security measures to protect organizational infrastructure. Both roles require relevant certifications and work within security teams, but their core responsibilities differ significantly.

What does a Security Operation Analyst do?

A Security Operation Analyst is responsible for monitoring, detecting, and responding to cybersecurity threats within an organization. They work in Security Operations Centers (SOCs) to analyze security incidents, investigate suspicious activities, and implement measures to protect sensitive data and systems. Their role often includes using specialized tools to identify vulnerabilities, coordinating with IT teams to resolve issues, and maintaining up-to-date knowledge on emerging threats. By proactively managing security risks, they help ensure the organization's digital assets remain secure.

What are some common challenges faced by Security Operation Analysts, and how can they be addressed?

Security Operation Analysts often face challenges such as managing large volumes of alerts, staying ahead of emerging threats, and maintaining effective communication with other IT teams. To address these, analysts frequently use advanced security information and event management (SIEM) tools to prioritize incidents and automate routine tasks. Regular training and collaboration with colleagues in IT, compliance, and risk management also help analysts stay updated and respond more efficiently to incidents, ultimately strengthening the organization's security posture.

What are the key skills and qualifications needed to thrive as a Security Operation Analyst, and why are they important?

To thrive as a Security Operation Analyst, you need a strong foundation in cybersecurity principles, threat analysis, and incident response, typically supported by a relevant degree and industry certifications like CompTIA Security+ or CISSP. Familiarity with security information and event management (SIEM) tools, intrusion detection systems, and vulnerability assessment platforms is essential. Strong analytical thinking, attention to detail, and effective communication skills help you quickly identify, investigate, and resolve security issues. These skills and qualities are crucial for protecting organizational assets and ensuring a rapid, coordinated response to cyber threats.
More about Security Operation Analyst jobs
What cities are hiring for Security Operation Analyst jobs? Cities with the most Security Operation Analyst job openings:
What job categories do people searching Security Operation Analyst jobs look for? The top searched job categories for Security Operation Analyst jobs are:
Security Operation Analyst jobs near you
Infographic showing various Security Operation Analyst job openings in the United States as of May 2026, with employment types broken down into 77% Full Time, 6% Part Time, and 17% Contract. Highlights an 77% In-person, 6% Hybrid, and 17% Remote job distribution, with an average salary of $91,821 per year, or $44.1 per hour.

W2 Role - Security Operation Analyst in Austin, TX - Onsite Role

GDR Defense

Austin, TX • On-site

Contractor

Posted 7 days ago

Job description

Duration: 01/26/2026 - 08/31/2026
Location: 701 W. 51st Austin, TX 78751.
The working position is On Site

The Software Developer II performs advanced (senior-level) software development work focused on designing, building, testing, and optimizing Microsoft Sentinel capabilities for department projects. This role is responsible for developing custom automation playbooks, analytics rules, behavioral models, connectors, and integrations to support SOAR and UEBA functionality. The position works under limited supervision with considerable latitude for initiative, independent judgment, and technical leadership.

Essential Job Functions (EJFs)

1. Microsoft Sentinel SOAR Development (40%)

· Designs, develops, tests, and deploys Sentinel SOAR automation playbooks using Azure Logic Apps, Azure Functions, ARM templates, and REST APIs.

· Creates automated workflows for alert enrichment, triage, response actions, notification processes, and case management.

· Integrates Sentinel with third-party systems (EDR, IAM, ticketing systems, email gateways, firewalls, etc.) to automate security operations.

2. UEBA & Analytics Engineering (30%)

· Develops custom UEBA detection rules, anomaly models, ML-based behavior patterns, and advanced hunting queries (KQL).

· Builds and maintains analytics content, data parsers, normalization rules, and entity behavior profiles.

· Evaluates behavioral anomalies and collaborates with cybersecurity teams to fine-tune detection logic.

3. SIEM Content Development & Platform Engineering (15%)

· Designs and implements custom data connectors, ingestion pipelines, and data transformation logic.

· Creates dashboards, workbooks, hunting queries, and detection-as-code assets.

· Performs platform tuning to improve performance, reduce noise, and align to MITRE Telecommunication&CK and Zero Trust principles.

4. Application Development & Integration (10%)

· Develops supporting code modules, scripts, microservices, and helper APIs using Python, PowerShell, .NET, or similar languages.

· Works with DevOps pipelines, CI/CD processes, version control, and infrastructure-as-code where applicable.

5. Documentation, Collaboration & Support (5%)

· Writes technical design documents, SOPs, architecture diagrams, and automation runbooks.

· Collaborates with DSHS, HHSC CISO Office, and cross-functional stakeholders on requirements, testing, and deployment.

· Provides Tier III support for Sentinel engineering issues and participates in after-action reviews when needed.

Knowledge, Skills, and Abilities (KSAs)

Knowledge of:

· Microsoft Sentinel architecture, SOAR, and UEBA capabilities.

· Azure cloud services, Logic Apps, Azure Functions, Event Hubs, Key Vault, and Azure AD.

· Security operations processes (triage, threat detection, incident response, threat modeling).

· MITRE Telecommunication&CK, NIST CSF, Zero Trust Architecture concepts.

· Programming and scripting languages (Python, PowerShell, KQL, C#, JavaScript, or equivalent).

· CI/CD pipelines, DevOps practices, and Git-based version control.

· API integrations and JSON/YAML structures.

Skills in:

· Building Logic App workflows and custom Sentinel automation playbooks.

· Writing complex KQL queries for analytics, hunting, and behavioral detection.

· Developing custom connectors, data maps, and parsers.

· Designing and optimizing UEBA detection models.

· Debugging SOAR workflows and resolving integration issues.

· Communicating technical information clearly to both technical and non-technical audiences.

Abilities to:

· Work independently and take ownership of complex development tasks.

· Translate security requirements into scalable technical solutions.

· Analyze threat behaviors and develop meaningful detections.

· Work collaboratively with cybersecurity, infrastructure, and application teams.

· Manage multiple work assignments and meet deadlines.


II. CANDIDATE SKILLS AND QUALIFICATIONSMinimum Requirements:
Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.YearsRequired/PreferredExperience4RequiredGraduation from an accredited four-year college or university with major coursework in computer science, computer information systems, software engineering, cybersecurity, or a related field.2RequiredTwo (2) years of full-time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering.2RequiredTwo (2) years of full-time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering.3PreferredThree (3) or more years of hands-on technical experience with Microsoft Sentinel.1PreferredExperience developing UEBA models, anomaly detection rules, and behavior-based analytics.1PreferredExperience building Security Automation Playbooks (SOAR).1PreferredMicrosoft certifications such as: SC-200: Security Operations Analyst, AZ-900 / AZ-104, SC-100 / SC-3001PreferredExperience integrating Sentinel with EDR, IAM, firewalls, and ticketing systems.1PreferredExperience with DevOps pipelines (GitHub, Azure DevOps).1PreferredExperience working in a government, healthcare, or regulatory environment.